Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

Ay i second that one.. biggest group of billionaire thieves known and
seemingly go anonymously by... i would not even serach for theyre
'security' as they would not care ... i doubt...,
2 other banks wich, are pretty blatant thieves also, (by thieves i
mean they do not align to reserve bank rate drops...)...anyhow i tried
to contact 2 to stop some real nasty redirecting spam and, theyre
online form on one was dead, second one i got a...

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

Cisco Security Advisory - Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Cisco Security Advisory - Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

Cisco Security Advisory - Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.

SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.

SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.

Here’s an interesting take on a Lego clock, it uses rotating squares to change the orientation of the black and white tiles to display the needed number. As we see one of the digits cycling to the next number in the video after the break, a couple of different things pop into mind. This seems [...]

reminds me of the vanity onion generator shallot. you could do this
with legitimate keys and take forever, or you could generate weak keys
quickly to find a prefix in reasonable time.

(in this case, legitimate handshakes are not strictly required for
testing, but it would be nice to keep that option. for example,
establishing an upper bound of concurrent SSL/TLS connections for load
balancer / server benchmarks. it takes me forever to...

This one must have been fun to come up with because it’s got it all. There’s hardware, firmware, networking, and server scripts all working together to create a filing, scanning document center for your business. The best part is that [Janis Jakaitis] was tasked to do this as part of his job (we’re sure there’s [...]

[Irongeek] is up to his old tricks once again with this new key logger prototype. It’s in the early stages, as attested by the breadboard built circuit, but [Adrian] still gives us a demo video after the break showing where he’s at right now. It comes in two flavors, the USB pass through seen above, [...]

The guys over at the 43oh forums have been working on an OLED display booster pack for the TI Launchpad. The booster pack is now available in the 43oh store and is pretty cheap to boot. The TI Launchpad is an awesome little dev board with a ravenous fan base. We’ve seen a lot of [...]

[Will] wrote in to share a useful add-on he designed for the ChipKIT UNO 32, a 12-port temperature sensor board. Constructed for one of his customers, the shield accepts any 2-wire 10k thermistor sensors, outputting the readings to a small LCD screen. The screen is supported by some code put together by his associate [crenn], [...]

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Here's the thing. I'm working on an internal team. I've watched this talk,
I've downloaded Praeda and scanned some of our internal nets, and think I
have a general sense of what the future might hold in this area. I keep
coming back to my original question. Is this stuff for real? Am I missing
something, or is the answer to "block port 80." I'm curious, but know I'll
never get a...

Looks like New York’s fire brigade confiscated all of the gas (or bio-diesel) generators from Occupy Wall Street protesters in Zuccotti Park. Apparently the Fire Chief cites the generators as a fire hazard. This seems a dubious claim. One of the shots in the video after the break clearly shows fire extinguishers close at hand, but [...]

Mandriva Linux Security Advisory 2011-164 - This advisory updates wireshark to the latest version (1.6.3), fixing several security issues. An uninitialized variable in the CSN.1 dissector could cause a crash. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.

Mandriva Linux Security Advisory 2011-164 - This advisory updates wireshark to the latest version (1.6.3), fixing several security issues. An uninitialized variable in the CSN.1 dissector could cause a crash. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.

Mandriva Linux Security Advisory 2011-164 - This advisory updates wireshark to the latest version (1.6.3), fixing several security issues. An uninitialized variable in the CSN.1 dissector could cause a crash. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.

Mandriva Linux Security Advisory 2011-163 - Multiple vulnerabilities was discovered and corrected in phpldapadmin. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Input passed to the orderby parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code. The updated packages have been upgraded to the latest version which is not vulnerable to these issues.

Mandriva Linux Security Advisory 2011-163 - Multiple vulnerabilities was discovered and corrected in phpldapadmin. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Input passed to the orderby parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code. The updated packages have been upgraded to the latest version which is not vulnerable to these issues.

Mandriva Linux Security Advisory 2011-163 - Multiple vulnerabilities was discovered and corrected in phpldapadmin. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Input passed to the orderby parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code. The updated packages have been upgraded to the latest version which is not vulnerable to these issues.

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.

We’ve seen quadrocopters galore over the past few years. We’ve never seen one big enough to lift a person until now. [Thomas], [Stephan], and [Alexander] of e-volo have been working on a gigantic, human-lifting multicopter for a few years now. A few days ago, their prototype took to the air carrying a fully human pilot. [...]

Although Dogs and other animals love to mark their territory with urine, this technique has been generally ignored by human beings. Despair no more, fellow homo sapiens, we have now developed the ability to check-in on foursquare through your information stream. This device is descriptively called “Mark your Territory.” Although this is not currently available [...]

After testing a fair number of mobile applications I thought I would share 3 of the most common vulnerabilities I've come across thus far. In regards to scope, when referring to "mobile applications", we really mean both the mobile application and the web-service.

Moral of the story is, if a mobile device is lost or stolen (happens way more often than it should), credentials are ripe for the picking. Physical access is not always required of course. Anyway, pretty much anyone who has spent 2 minutes on "The Googles" can find out where you are storing your metaphorical "house keys". There are solutions to this problem, for instance, I've heard great things about Android-SQLCipher and don't forget about platform API solutions as well (if your not a fan of third party libraries).

Crappy session handling:

I don't think this title will ever make its way on to an OWASP Top 10 but it certainly reflects the issue accurately. Not to say this is limited only to Mobile Apps & Web Services, far from it, it is just very common amongst them.

Examples -

So, here is a fun one, pure basic-authorization schemas . You typically see this in a SOAP-service-to-Mobile-App architecture but obviously the two aren't mutually exclusive. For those not familiar with basic-authorization, it means the user's credentials are sent in the standard basic-auth format (Base64 encoded user:password). The problem occurs when, instead of leveraging a session handling schema, the user/password combo is sent with every request to the web-service as a means to authenticate the user for the requested resource. There are many disadvantages. Namely, if SSL isn't in play, you've increased the likelihood that the credentials will be stolen (ahhh....... lattes, croissants and good ol' packet sniffing). Additionally, because you haven't a session to destroy, there is no inactivity lock-out. Typically the creds are stored (plain-text of course) on the device, retrieved by the app and then sent in the request on a per-request basis. This means, the person on that device may not be the person you intended to view potentially sensitive information.

Another big session-related issue is leveraging device identifiers or good old client-side data to control privileges of a user. Imagine the classic parameter tampering (userid=100 becomes userid=101) but this time with the UUID of an iPhone device. The classic session identifier -> user map -> role enforcement still works so it is unnecessary to build your schema in this way.

API Keys, Test Accounts and Dirty Laundry

From test account credentials along with the test URL, which provided juicy insight into the inner workings of an architecture to the personal email addresses of developers (think - social engineering/username enumeration), the list of things put into the source code can still be fairly surprising.

These applications are reversible. Especially Android apps, between dex2jar/apktool/jd-gui.......its pretty easy to see things not intended for your eyes. Developers need to scrub sensitive data prior to sending the code out for production and treat data like its a public blog post......everyone can read it. Oh, and make sure you aren't hard-coding API or encryption keys!

Okay, so those titles will never end up on a Top 10 but the content has! I would encourage those interested to check out the OWASP Mobile Top 10 Risksand please, don't forget the project always needs additional collaborators.

After testing a fair number of mobile applications I thought I would share 3 of the most common vulnerabilities I've come across thus far. In regards to scope, when referring to "mobile applications", we really mean both the mobile application and the web-service.

Moral of the story is, if a mobile device is lost or stolen (happens way more often than it should), credentials are ripe for the picking. Physical access is not always required of course. Anyway, pretty much anyone who has spent 2 minutes on "The Googles" can find out where you are storing your metaphorical "house keys". There are solutions to this problem, for instance, I've heard great things about Android-SQLCipher and don't forget about platform API solutions as well (if your not a fan of third party libraries).

Crappy session handling:

I don't think this title will ever make its way on to an OWASP Top 10 but it certainly reflects the issue accurately. Not to say this is limited only to Mobile Apps & Web Services, far from it, it is just very common amongst them.

Examples -

So, here is a fun one, pure basic-authorization schemas . You typically see this in a SOAP-service-to-Mobile-App architecture but obviously the two aren't mutually exclusive. For those not familiar with basic-authorization, it means the user's credentials are sent in the standard basic-auth format (Base64 encoded user:password). The problem occurs when, instead of leveraging a session handling schema, the user/password combo is sent with every request to the web-service as a means to authenticate the user for the requested resource. There are many disadvantages. Namely, if SSL isn't in play, you've increased the likelihood that the credentials will be stolen (ahhh....... lattes, croissants and good ol' packet sniffing). Additionally, because you haven't a session to destroy, there is no inactivity lock-out. Typically the creds are stored (plain-text of course) on the device, retrieved by the app and then sent in the request on a per-request basis. This means, the person on that device may not be the person you intended to view potentially sensitive information.

Another big session-related issue is leveraging device identifiers or good old client-side data to control privileges of a user. Imagine the classic parameter tampering (userid=100 becomes userid=101) but this time with the UUID of an iPhone device. The classic session identifier -> user map -> role enforcement still works so it is unnecessary to build your schema in this way.

API Keys, Test Accounts and Dirty Laundry

From test account credentials along with the test URL, which provided juicy insight into the inner workings of an architecture to the personal email addresses of developers (think - social engineering/username enumeration), the list of things put into the source code can still be fairly surprising.

These applications are reversible. Especially Android apps, between dex2jar/apktool/jd-gui.......its pretty easy to see things not intended for your eyes. Developers need to scrub sensitive data prior to sending the code out for production and treat data like its a public blog post......everyone can read it. Oh, and make sure you aren't hard-coding API or encryption keys!

Okay, so those titles will never end up on a Top 10 but the content has! I would encourage those interested to check out the OWASP Mobile Top 10 Risksand please, don't forget the project always needs additional collaborators.

An exploitable integer overflow in apache allows to crash the apache
process or execution of arbitrary code as user running apache. To
exploit the vulnerability, a crafted .htaccess file has to be placed
on the server, therefore the vulnerability impact is rated "Low".

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Sunway ForceControl and Sunway pNetPower, which can be exploited by malicious people to disclose system information and compromise a user's system.

Secunia Security Advisory - Fedora has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

Secunia Security Advisory - Multiple vulnerabilities have been discovered in JAKCMS, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system.

Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.

still you dont need a gpu, even with renegotiation disabled and hardware
acceleration present.
Just don't use openssl (or similar libraries).
you can send the intial communication yourself before its the client's
task to do CPU intensive operations and then just close the connection
and reconnect.

and the thc-ssl-dos is a proof of concept code, and could be enhanced to
do be more effective too....